[selinux-policy: 906/3172] more dbus cleanup

Thu Oct 7 20:23:20 UTC 2010

commit 0b12fa4bd05665e302d8dae02065ce7883310b38
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Nov 1 15:19:48 2005 +0000

    more dbus cleanup

 refpolicy/policy/modules/admin/updfstab.te     |    9 +++++----
 refpolicy/policy/modules/services/bind.te      |    7 +++----
 refpolicy/policy/modules/services/bluetooth.te |    5 +++++
 refpolicy/policy/modules/services/cron.te      |    3 +++
 4 files changed, 16 insertions(+), 8 deletions(-)
---

diff --git a/refpolicy/policy/modules/admin/updfstab.te b/refpolicy/policy/modules/admin/updfstab.te
index 9550ee0..dfc42d3 100644
--- a/refpolicy/policy/modules/admin/updfstab.te
+++ b/refpolicy/policy/modules/admin/updfstab.te
@@ -120,12 +120,13 @@ ifdef(`TODO',`
 optional_policy(`rhgb.te',`
 	rhgb_domain(updfstab_t)
 ')
-ifdef(`dbusd.te',`
-allow initrc_t updfstab_t:dbus send_msg;
-allow updfstab_t initrc_t:dbus send_msg;
-')
 allow updfstab_t tmpfs_t:dir getattr;
 ifdef(`hald.te', `
 can_unix_connect(updfstab_t, hald_t)
 ')
 ')
+
+optional_policy(`dbus.te',`
+	allow initrc_t updfstab_t:dbus send_msg;
+	allow updfstab_t initrc_t:dbus send_msg;
+')
diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te
index 7023453..c323392 100644
--- a/refpolicy/policy/modules/services/bind.te
+++ b/refpolicy/policy/modules/services/bind.te
@@ -270,11 +270,10 @@ optional_policy(`nscd.te',`
 # Partially converted rules.  THESE ARE ONLY TEMPORARY
 #
 
-gen_require(`
-	class dbus send_msg;
-')
-
 allow named_t initrc_t:dbus send_msg;
+allow initrc_t named_t:dbus send_msg;
+allow named_t dhcpc_t:dbus send_msg;
+allow dhcpc_t named_t:dbus send_msg;
 
 # cjp: this whole block was originally in networkmanager
 optional_policy(`networkmanager.te',`
diff --git a/refpolicy/policy/modules/services/bluetooth.te b/refpolicy/policy/modules/services/bluetooth.te
index c0fd36f..1ab8ded 100644
--- a/refpolicy/policy/modules/services/bluetooth.te
+++ b/refpolicy/policy/modules/services/bluetooth.te
@@ -235,3 +235,8 @@ ifdef(`targeted_policy', `
 	allow unpriv_userdomain bluetooth_t:dbus send_msg;
 ')
 ') dnl end TODO
+
+ifdef(`targeted_policy',`
+	allow bluetooth_t unconfined_t:dbus send_msg;
+	allow unconfined_t bluetooth_t:dbus send_msg;
+')
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index 1c35439..9ea0e72 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -157,6 +157,9 @@ ifdef(`targeted_policy',`
 	userdom_manage_user_home_subdir_pipes(user,crond_t)
 	userdom_manage_user_home_subdir_sockets(user,crond_t)
 	userdom_create_user_home(user,crond_t,{ dir file lnk_file fifo_file sock_file })
+
+	allow crond_t unconfined_t:dbus send_msg;
+	allow crond_t initrc_t:dbus send_msg;
 ',`
 	allow crond_t crond_tmp_t:dir create_dir_perms;
 	allow crond_t crond_tmp_t:file create_file_perms;
